social science experiment

Social Science Experiment

Jan-Willem Bullee

2 Cyber-crime Science

Background

Effectiveness of authority on compliance

We can get some of the answers from» Literature (Meta-analysis)

» Attacker stories/interviews

But the answers are inconclusive» Different context

» Hard to measure human nature

» Difficult to standardize behaviour.


Principles of Persuasion

Authority» More likely to listen to an police officer

Conformity» Peer pressure

Commitment» Say yes to something small first

Reciprocity» Return the favour

Liking» People like you and me

Scarcity» Wanting the ungettable


Literature on Authority

Classical Milgram Shock Experiment» 66% full compliance

[Mil63] S. Milgram. Behavioral study of obedience. The Journal of Abnormal and Social Psychology, 67(4), 371–378.


Introduction Key Experiment

Get something from an employee

Equal to password or PIN

Intervention

Impersonate


Experimental Setup

Design

Intervention» Written memo

» Key-chain

» Poster

R1 X OR2 O


Hypotheses

H0: Intervention and Control comply equally

H0: Authority and Control comply equally

H0: Effect of Authority on compliance


Results

351 rooms targeted» N=118 (33,6%) populated

Demographics Targets» Female: 24 (20%) Male: 94 (80%)

» Mage = 34, range (23-63) years

Overall compliance distribution» 52.5%/47.5%


Results


Results

Intervention distribution» 60%/40%

H0: Intervention and Control comply equally» χ²-test

» Hypothesis rejected


Results

Authority distribution» ≈50/50

H0: Authority and Control comply equally» χ²-test

» Hypothesis accepted


Results

Effect of authority» Logistic Regression

» Employees that did not get the intervention are 2.84 times morelikely to give their key away

Intervention Give Key


Results

Effect of authority» Logistic Regression

» Employees that did not get the intervention are 2.84 times morelikely to give their key away

» Authority: No effect

Intervention

Authority

Give Key


Results

Comments:» “Great test!” “Cool Experiment” “Interesting study”

» “I had doubts” “Having an keychain is important”

» “Suspicious looking box”

» “Guy in suit looked LESS trustworthy”

» “Asked for my ID”

» “Trusted me since I looked friendly”

» “I feel stupid”

» “I didn’t wanted to give the key, but did it anyway”


Take Home Message

Children, animals, people never react the way you want.

Limited availability in July and August

You are not important for others

…unless you want to break the system

1/3 of employees works on a Wednesday in September

2.84 times higher odds to get key if no intervention


Charging Mobile Phone


Charging Mobile Phone

What are the security considerations of the users of a public mobile phone charger?» What is the use rate of the device (per number of

people at that location per hour),

» Why do people use (or not) the system?

» How do the safety perceptions of the current users differ between the former users and the non-users.

You are the researchers!


Crime Prevention

CPTED Framework (Crime Prevention Through Environmental Design)

Activity Support» Eyes on the street» Unfortunately: also provides opportunity» Overall crimes are reduced by increasing activity

[Coz05] Cozens, P. M., Saville, G., & Hillier, D. (2005). Crime prevention through environmental design (CPTED): a review and modern bibliography. Property management, 23(5), 328-356.


Hypotheses

H0: Cabinets in busy and quite areas are equally used.

H0: Cabinets with surveillance (e.g. service desk) and with no surveillance are equally used.

H0: Cabinets in lunch hours (e.g. lunch) and lecture hours are equally used.


Our Design

Researchers: You (Student)

Target: Fellow Students and Employee

Goal: Observe» Observe and interview people

Interface: Face 2 Face

Count people and short questionnaire


Method : Our design

2 experimental conditions» Users of the system / non users of the system

6 locations» Experimental: Bastille, Hal-B, Horst and Spiegel» Control: ITC (city center), Ravelijn


Method : Our procedure

Subjects from the experimental building» Teams of 1 researcher» One minute count: the people that pass-by» Approach users of the system

Subjects from the control building» Teams of 2 researchers

» Interview people walking in the area

More details on the course-site


What to do

Before Tuesday 9 September» Register in the Doodle

On 10, 17 (and 24) September» 09:30 - 09:50 Briefing at ZI4047

» Travel to location

» 10:30 - 12:45 Experiment

» 12:45 - 13:30 Break and travel

» 13:30 - 15:45 Experiment part 2


What to do

We have permission to do this only at» UT: Bastille, Hal-B, Horst, Ravelijn, Spiegel and ITC

Enter your data in SPSS» Directly after the attack

» Come to me ZI4047

Earn 0.5 (out of 10) bonus points


Ethical issues

Informed consent not possible

Zero risk for the subjects

Approved by facility management

Consistent with data protection (PII form)

Approved by ethical committee, see http://www.utwente.nl/ewi/en/research/ethics_protocol/

http://www.utwente.nl/ewi/en/research/ethics_protocol/


Conclusion

Designing research involves:» Decide what data are needed

» Decide how to collect the data

» Use validated techniques where possible

» Experimental Design, pilot, evaluate and improve

» Training, data gathering


Further Reading[Cia09] R. B. Cialdini. Influence: The Psychology of Persuasion. Harper Collins, 2009. http://www.harpercollins.com/browseinside/index.aspx?isbn13=9780061241895

[Gre96a] T. Greening. Ask and ye shall receive: a study in 'social engineering'. SIGSAC Rev., 14(2):8-14, Apr 1996. http://doi.acm.org/10.1145/228292.228295

[Hof66] C. Hofling, E. Brotzman, S. Dalrymple, N. Graves, and C. Pierce. An experimental study in Nurse-Physician relationships. J. of Nervous & Mental Disease, 143(2):171-180, Aug 1966.

https://xs.utwente.nl/owa/redir.aspx?C=0GeErByapEaQ1Zji3YyokjySGa7cetAIRFIA-8iH5uPDCjZR7QkPHCY-jfex7jEnIWhDL61QTE0.&URL=http%253a%252f%252fwww.harpercollins.com%252fbrowseinside%252findex.aspx%253fisbn13%253d9780061241895

https://xs.utwente.nl/owa/redir.aspx?C=0GeErByapEaQ1Zji3YyokjySGa7cetAIRFIA-8iH5uPDCjZR7QkPHCY-jfex7jEnIWhDL61QTE0.&URL=http%253a%252f%252fdoi.acm.org%252f10.1145%252f228292.228295

social science experiment

Documents

electric shock

cybercrime scienceliterature

previous shock milgram

het liever

teacher role

het lezen van veel artikelen

password greening

password file